Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices High Availability Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
80
Local IP : 192.168.0.102
The output shows that when the status of the track entry becomes Positive, Firewall A is the master,
and Firewall B the backup.
# Enable VRRP state debugging and BFD event debugging on Firewall B.
<FirewallB> terminal debugging
<FirewallB> terminal monitor
<FirewallB> debugging vrrp state
<FirewallB> debugging bfd event
# When Firewall A fails, the following output is displayed on Firewall B.
*Dec 17 14:44:34:142 2008 FirewallB BFD/7/EVENT:Send sess-down Msg,
[Src:192.168.0.102,Dst:192.168.0.101,Ethernet1/1,Echo], instance:0, protocol:Track
*Dec 17 14:44:34:144 2008 FirewallB VRRP/7/DebugState: IPv4 gigabitethernet1/1 |
Virtual Router 1 : Backup --> Master reason: The status of the tracked object changed
# Display the detailed information of the VRRP group on Firewall B.
<FirewallB> display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface gigabitethernet1/1
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 192.168.0.10
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.102
VRRP Track Information:
Track Object : 1 State : Negative Switchover
The output shows that when BFD detects that Firewall A fails, it notifies VRRP through the track
module to change the status of Firewall B to master without waiting for a period three times the
advertisement interval. This ensures that a backup can quickly preempt as the master.
129BConfiguring BFD for the VRRP master to monitor the uplink
The following matrix shows the configuration example and hardware compatibility:
Hardware Exam
p
le a
pp
licable
F1000-A-EI/F1000-S-EI No
F1000-E No
F5000 Yes
Firewall module No
U200-A No
U200-S No